Skip to content
{ 2015 09 22 }

XcodeGhost infected Applications; might include Mercury

First really serious hack to impact iOS devices that are not jail-broken manages to inject spyware into several apps that were actually in the Apple App store. There are several good articles covering XcodeGhost and the hacked apps that may have been developed with XcodeGhost. One of the better written ones is on ArsTechnica, of course…

Apple Scrambles After 40 Malicious XcodeGhost Apps Haunt App Store

This impacts China more than most, as most of the apps are Chinese language apps targeting people in China; but there are a few reputedly infected apps that are in global use, including the Mercury web browser!

That hits home, as I have been using Mercury on iOS (iPad and iPhone) for a long time as an alternative to Safari (I use several browsers with different settings and permissions to have different privacy modes). The news that Mercury might be spying on me is more than a little frightening.

The good news, I don’t trust any iOS browser to do anything – I never save passwords, rarely allow them to use location, etc.. so the amount of information gathered is limited to the use of the browser itself.

Also – I am using Mercury 9.1.0; and my firewall is not seeing any traffic to 92.242.140.21 (the IP address of init.icloud-analysis.com where the reports are allegedly going); so I am hopeful that that version of Mercury is not infected (but there is no guarantee). I am pretty sure the newer versions released after May 31st, 2015 are infected (that is when Mercury was briefly unavailable in the App Store and only resumed under a different publisher than original versions).

Timeline of Mercury so far (some google searching):
2009/08/24 iLegendSoft registered their website
2009/12/23 Mercury is already released and reviews are beginning to appear
2012/07/27 mercury-browser is out and website launched
2014/12/21 Mercury 8.9.4 released, still with plenty of info – probably a good version
2015/04/29 Mercury 9.0.7 released
2015/05/06 Mercury 9.0.10 released
2015/05/?? Mercury 9.1.0 released
2015/05/31 Mercury disappears from app store
2015/07/06 Mercury 9.2.1 announced on Facebook – likely hacked – new publisher “Lucy Ding” instead of iLegendSoft
2015/09/18 XcodeGhost hack unveiled – Mercury on the list of infected apps according to some news outlets

Until we know more, do NOT install Mercury, and it is probably best to figure out what private information you have entered into Mercury and clear that if you are not certain it is safe (change passwords, and the like).

It is a testimony to how good the walled garden of the app store is, that this is really the first serious hack of un-broken iPhones and iPads since their debut several years ago. That is amazing.

Posted by snolan on Tuesday, September 22, 2015, at 6:38 am. Filed under Computer Security. Follow any responses to this post with its comments RSS feed. You can post a comment or trackback from your blog.

{ 1 } Comments